Better XPC headers?

opa334 · Oct 24, 2023 · 5428f8e · 5428f8e
1 parent 73a345f
commit 5428f8e
Show file tree

Hide file tree

Showing 9 changed files with 903 additions and 205 deletions.
diff --git a/BaseBin/_shared/launch.h b/BaseBin/_shared/launch.h
diff --git a/BaseBin/_shared/xpc/activity.h b/BaseBin/_shared/xpc/activity.h
@@ -35,15 +35,15 @@ __BEGIN_DECLS
  */
 __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0)
 XPC_EXPORT
-const char *XPC_ACTIVITY_INTERVAL;
+const char * const XPC_ACTIVITY_INTERVAL;
 
 /*!
  * @constant XPC_ACTIVITY_REPEATING
  * A boolean property indicating whether this is a repeating activity.
  */
 __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0)
 XPC_EXPORT
-const char *XPC_ACTIVITY_REPEATING;
+const char * const XPC_ACTIVITY_REPEATING;
 
 /*!
  * @constant XPC_ACTIVITY_DELAY
@@ -52,7 +52,7 @@ const char *XPC_ACTIVITY_REPEATING;
  */
 __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0)
 XPC_EXPORT
-const char *XPC_ACTIVITY_DELAY;
+const char * const XPC_ACTIVITY_DELAY;
 
 /*!
  * @constant XPC_ACTIVITY_GRACE_PERIOD
@@ -61,7 +61,7 @@ const char *XPC_ACTIVITY_DELAY;
  */
 __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0)
 XPC_EXPORT
-const char *XPC_ACTIVITY_GRACE_PERIOD;
+const char * const XPC_ACTIVITY_GRACE_PERIOD;
 
 
 __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0)
@@ -106,27 +106,41 @@ const int64_t XPC_ACTIVITY_INTERVAL_7_DAYS;
  */
 __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0)
 XPC_EXPORT
-const char *XPC_ACTIVITY_PRIORITY;
+const char * const XPC_ACTIVITY_PRIORITY;
 
 /*!
  * @constant XPC_ACTIVITY_PRIORITY_MAINTENANCE
  * A string indicating activity is maintenance priority.
+ *
  * Maintenance priority is intended for user-invisible maintenance tasks
  * such as garbage collection or optimization.
+ *
+ * Maintenance activities are not permitted to run if the device thermal
+ * condition exceeds a nominal level or if the battery level is lower than 20%.
+ * In Low Power Mode (on supported devices), maintenance activities are not
+ * permitted to run while the device is on battery, or plugged in and the
+ * battery level is lower than 30%.
  */
 __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0)
 XPC_EXPORT
-const char *XPC_ACTIVITY_PRIORITY_MAINTENANCE;
+const char * const XPC_ACTIVITY_PRIORITY_MAINTENANCE;
 
 /*!
  * @constant XPC_ACTIVITY_PRIORITY_UTILITY
  * A string indicating activity is utility priority.
+ *
  * Utility priority is intended for user-visible tasks such as fetching data
  * from the network, copying files, or importing data.
+ *
+ * Utility activities are not permitted to run if the device thermal condition
+ * exceeds a moderate level or if the battery level is less than 10%.  In Low
+ * Power Mode (on supported devices) when on battery power, utility activities
+ * are only permitted when they are close to their deadline (90% of their time
+ * window has elapsed).
  */
 __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0)
 XPC_EXPORT
-const char *XPC_ACTIVITY_PRIORITY_UTILITY;
+const char * const XPC_ACTIVITY_PRIORITY_UTILITY;
 
 /*!
  * @constant XPC_ACTIVITY_ALLOW_BATTERY
@@ -136,19 +150,33 @@ const char *XPC_ACTIVITY_PRIORITY_UTILITY;
  */
 __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0)
 XPC_EXPORT
-const char *XPC_ACTIVITY_ALLOW_BATTERY;
+const char * const XPC_ACTIVITY_ALLOW_BATTERY;
 
 /*!
  * @constant XPC_ACTIVITY_REQUIRE_SCREEN_SLEEP
  * A Boolean value indicating whether the activity should only be performed
  * while device appears to be asleep.  Note that the definition of screen sleep
- * may very by platform and may include states where the device is known to be
+ * may vary by platform and may include states where the device is known to be
  * idle despite the fact that the display itself is still powered.  Defaults to
  * false.
  */
 __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0)
 XPC_EXPORT
-const char *XPC_ACTIVITY_REQUIRE_SCREEN_SLEEP; // bool
+const char * const XPC_ACTIVITY_REQUIRE_SCREEN_SLEEP; // bool
+
+/*!
+ * @constant XPC_ACTIVITY_PREVENT_DEVICE_SLEEP
+ * A Boolean value indicating whether the activity should prevent system sleep while
+ * running on battery.
+ * If this property is set, the activity scheduler will take the appropriate power
+ * assertion to keep the device (but not the screen) awake while the activity is running.
+ * Only activities which perform critical system functions that do not want to be
+ * interrupted by system sleep should set this.
+ * Setting this property can impact battery life.
+ */
+__API_AVAILABLE(macos(12.0), ios(15.0), watchos(8.0))
+XPC_EXPORT
+const char * const XPC_ACTIVITY_PREVENT_DEVICE_SLEEP; // bool
 
 /*!
  * @constant XPC_ACTIVITY_REQUIRE_BATTERY_LEVEL
@@ -159,7 +187,7 @@ const char *XPC_ACTIVITY_REQUIRE_SCREEN_SLEEP; // bool
 __OSX_AVAILABLE_BUT_DEPRECATED_MSG(__MAC_10_9, __MAC_10_9, __IPHONE_7_0, __IPHONE_7_0,
 	"REQUIRE_BATTERY_LEVEL is not implemented")
 XPC_EXPORT
-const char *XPC_ACTIVITY_REQUIRE_BATTERY_LEVEL; // int (%)
+const char * const XPC_ACTIVITY_REQUIRE_BATTERY_LEVEL; // int (%)
 
 /*!
  * @constant XPC_ACTIVITY_REQUIRE_HDD_SPINNING
@@ -170,7 +198,7 @@ const char *XPC_ACTIVITY_REQUIRE_BATTERY_LEVEL; // int (%)
 __OSX_AVAILABLE_BUT_DEPRECATED_MSG(__MAC_10_9, __MAC_10_9, __IPHONE_7_0, __IPHONE_7_0,
 	"REQUIRE_HDD_SPINNING is not implemented")
 XPC_EXPORT
-const char *XPC_ACTIVITY_REQUIRE_HDD_SPINNING; // bool
+const char * const XPC_ACTIVITY_REQUIRE_HDD_SPINNING; // bool
 
 /*!
  * @define XPC_TYPE_ACTIVITY

diff --git a/BaseBin/_shared/xpc/availability.h b/BaseBin/_shared/xpc/availability.h
@@ -6,6 +6,22 @@
 // Certain parts of the project use all the project's headers but have to build
 // against newer OSX SDKs than ebuild uses -- liblaunch_host being the example.
 // So we need to define these.
+#ifndef __MAC_10_16
+#define __MAC_10_16 101600
+#endif // __MAC_10_16
+
+#ifndef __MAC_10_15
+#define __MAC_10_15 101500
+#define __AVAILABILITY_INTERNAL__MAC_10_15 \
+__attribute__((availability(macosx, introduced=10.15)))
+#endif // __MAC_10_15
+
+#ifndef __MAC_10_14
+#define __MAC_10_14 101400
+#define __AVAILABILITY_INTERNAL__MAC_10_14 \
+__attribute__((availability(macosx, introduced=10.14)))
+#endif // __MAC_10_14
+
 #ifndef __MAC_10_13
 #define __MAC_10_13 101300
 #define __AVAILABILITY_INTERNAL__MAC_10_13 \
@@ -24,6 +40,16 @@
 	__attribute__((availability(macosx, introduced=10.11)))
 #endif // __MAC_10_11
 
+#ifndef __MAC_12_0
+#define __MAC_12_0 120000
+#define __AVAILABILITY_INTERNAL__MAC_12_0 \
+	__attribute__((availability(macosx, introduced=12.0)))
+#endif // __MAC_12_0
+
+#ifndef __MAC_13_3
+#define __MAC_13_3 130300
+#endif // __MAC_13_3
+
 #ifndef __AVAILABILITY_INTERNAL__MAC_10_2_DEP__MAC_10_11
 #define __AVAILABILITY_INTERNAL__MAC_10_2_DEP__MAC_10_11
 #endif // __AVAILABILITY_INTERNAL__MAC_10_2_DEP__MAC_10_11

diff --git a/BaseBin/_shared/xpc/base.h b/BaseBin/_shared/xpc/base.h
@@ -29,11 +29,7 @@ __BEGIN_DECLS
 #include <Availability.h>
 #endif // __has_include(<xpc/availability.h>)
 
-#if XPC_SERVICE_MAIN_IN_LIBXPC
-#define XPC_HOSTING_OLD_MAIN 1
-#else // XPC_SERVICE_MAIN_IN_LIBXPC
-#define XPC_HOSTING_OLD_MAIN 0
-#endif // XPC_SERVICE_MAIN_IN_LIBXPC
+#include <os/availability.h>
 
 #ifndef __XPC_INDIRECT__
 #error "Please #include <xpc/xpc.h> instead of this file directly."
@@ -89,13 +85,17 @@ __BEGIN_DECLS
 #define XPC_DEPRECATED(m) __attribute__((deprecated(m)))
 #else // __clang__
 #define XPC_DEPRECATED(m) __attribute__((deprecated))
-#endif // __clang 
-
-#if __XPC_TEST__
-#define XPC_TESTSTATIC 
-#else // __XPC_TEST__
+#endif // __clang
+#ifndef XPC_TESTEXPORT
+#define XPC_TESTEXPORT XPC_NOEXPORT
+#endif // XPC_TESTEXPORT
+
+#if defined(__XPC_TEST__) && __XPC_TEST__
+#define XPC_TESTSTATIC
+#define XPC_TESTEXTERN extern
+#else // defined(__XPC_TEST__) && __XPC_TEST__
 #define XPC_TESTSTATIC static
-#endif // __XPC_TEST__
+#endif // defined(__XPC_TEST__) && __XPC_TEST__
 
 #if __has_feature(objc_arc)
 #define XPC_GIVES_REFERENCE __strong
@@ -195,6 +195,50 @@ __BEGIN_DECLS
 #define XPC_NONNULL_ARRAY
 #endif
 
+#if defined(__has_ptrcheck) && __has_ptrcheck
+#define XPC_PTR_ASSUMES_SINGLE __ptrcheck_abi_assume_single()
+#define XPC_SINGLE __single
+#define XPC_UNSAFE_INDEXABLE __unsafe_indexable
+#define XPC_CSTRING XPC_UNSAFE_INDEXABLE
+#define XPC_SIZEDBY(N) __sized_by(N)
+#define XPC_COUNTEDBY(N) __counted_by(N)
+#define XPC_UNSAFE_FORGE_SIZED_BY(_type, _ptr, _size) \
+		__unsafe_forge_bidi_indexable(_type, _ptr, _size)
+#define XPC_UNSAFE_FORGE_SINGLE(_type, _ptr) \
+		__unsafe_forge_single(_type, _ptr)
+#else // defined(__has_ptrcheck) ** __has_ptrcheck
+#define XPC_PTR_ASSUMES_SINGLE
+#define XPC_SINGLE
+#define XPC_UNSAFE_INDEXABLE
+#define XPC_CSTRING
+#define XPC_SIZEDBY(N)
+#define XPC_COUNTEDBY(N)
+#define XPC_UNSAFE_FORGE_SIZED_BY(_type, _ptr, _size) ((_type)(_ptr))
+#define XPC_UNSAFE_FORGE_SINGLE(_type, _ptr) ((_type)(_ptr))
+#endif // defined(__has_ptrcheck) ** __has_ptrcheck
+
+#ifdef OS_CLOSED_OPTIONS
+#define XPC_FLAGS_ENUM(_name, _type, ...) \
+		OS_CLOSED_OPTIONS(_name, _type, __VA_ARGS__)
+#else // OS_CLOSED_ENUM
+#define XPC_FLAGS_ENUM(_name, _type, ...) \
+		OS_ENUM(_name, _type, __VA_ARGS__)
+#endif // OS_CLOSED_ENUM
+
+#ifdef OS_CLOSED_ENUM
+#define XPC_ENUM(_name, _type, ...) \
+		OS_CLOSED_ENUM(_name, _type, __VA_ARGS__)
+#else // OS_CLOSED_ENUM
+#define XPC_ENUM(_name, _type, ...) \
+		OS_ENUM(_name, _type, __VA_ARGS__)
+#endif // OS_CLOSED_ENUM
+
+#if __has_attribute(swift_name)
+# define XPC_SWIFT_NAME(_name) __attribute__((swift_name(_name)))
+#else
+# define XPC_SWIFT_NAME(_name) // __has_attribute(swift_name)
+#endif
+
 __END_DECLS
 
 #endif // __XPC_BASE_H__ 
diff --git a/BaseBin/_shared/xpc/connection.h b/BaseBin/_shared/xpc/connection.h
@@ -79,6 +79,20 @@ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0)
 XPC_EXPORT
 const struct _xpc_dictionary_s _xpc_error_termination_imminent;
 
+/*!
+ * @constant XPC_ERROR_PEER_CODE_SIGNING_REQUIREMENT
+ * On macOS, this error will be delivered to a peer connection's event handler
+ * when the XPC runtime has detected that a peer connection does not
+ * satisfy the code signing requirement specified for the connection.
+ *
+ * See {@link xpc_connection_set_peer_code_signing_requirement}
+ */
+#define XPC_ERROR_PEER_CODE_SIGNING_REQUIREMENT \
+	XPC_GLOBAL_OBJECT(_xpc_error_peer_code_signing_requirement)
+__API_AVAILABLE(macos(12.0))
+XPC_EXPORT
+const struct _xpc_dictionary_s _xpc_error_peer_code_signing_requirement;
+
 /*!
  * @constant XPC_CONNECTION_MACH_SERVICE_LISTENER
  * Passed to xpc_connection_create_mach_service(). This flag indicates that the
@@ -243,7 +257,7 @@ xpc_connection_create_from_endpoint(xpc_endpoint_t endpoint);
  *
  * Despite this seeming inconsistency, the XPC runtime guarantees that, when the
  * target queue is a serial queue, the event handler block will execute
- * synchonously with respect to other blocks submitted to that same queue. When
+ * synchronously with respect to other blocks submitted to that same queue. When
  * the target queue is a concurrent queue, the event handler block may run
  * concurrently with other blocks submitted to that queue, but it will never run
  * concurrently with other invocations of itself for the same connection, as
@@ -445,7 +459,7 @@ xpc_connection_send_message(xpc_connection_t connection, xpc_object_t message);
  * @discussion
  * XPC guarantees that, even if the connection's target queue is a concurrent
  * queue, there are no other messages being sent concurrently while the barrier
- * block is executing. XPC does not guarantee that the reciept of messages
+ * block is executing. XPC does not guarantee that the receipt of messages
  * (either through the connection's event handler or through reply handlers)
  * will be suspended while the barrier is executing.
  *
@@ -507,7 +521,7 @@ xpc_connection_send_barrier(xpc_connection_t connection,
  * @discussion
  * If the given GCD queue is a concurrent queue, XPC cannot guarantee that there
  * will not be multiple reply handlers being invoked concurrently. XPC does not
- * guarantee any ordering for the invocation of reply handers. So if multiple
+ * guarantee any ordering for the invocation of reply handlers. So if multiple
  * messages are waiting for replies and the connection goes invalid, there is no
  * guarantee that the reply handlers will be invoked in FIFO order. Similarly,
  * XPC does not guarantee that reply handlers will not run concurrently with
@@ -542,10 +556,11 @@ xpc_connection_send_message_with_reply(xpc_connection_t connection,
  * You are responsible for releasing the returned object.
  *
  * @discussion
- * This API is primarily for transitional purposes. Its implementation is
- * conceptually equivalent to calling xpc_connection_send_message_with_reply()
- * and then immediately blocking the calling thread on a semaphore and
- * signaling the semaphore from the reply block.
+ * This API supports priority inversion avoidance, and should be used instead of
+ * combining xpc_connection_send_message_with_reply() with a semaphore.
+ *
+ * Invoking this API from a queue that is a part of the target queue hierarchy
+ * results in deadlocks under certain conditions.
  *
  * Be judicious about your use of this API. It can block indefinitely, so if you
  * are using it to implement an API that can be called from the main thread, you
@@ -741,6 +756,40 @@ void
 xpc_connection_set_finalizer_f(xpc_connection_t connection,
 	xpc_finalizer_t _Nullable finalizer);
 
+/*!
+ * @function xpc_connection_set_peer_code_signing_requirement
+ * Requires that the connection peer satisfies a code signing requirement.
+ *
+ * @param connection
+ * The connection object which is to be modified.
+ *
+ * @param requirement
+ * The code signing requirement to be satisfied by the peer
+ * It is safe to deallocate the requirement string after calling `xpc_connection_set_peer_code_signing_requirement`
+ *
+ * @result
+ * 0 on success, non-zero on error
+ *
+ * @discussion
+ * This function will return an error promptly if the code signing requirement string is invalid.
+ *
+ * It is a programming error to call `xpc_connection_set_peer_code_signing_requirement` more than once per connection.
+ *
+ * All messages received on this connection will be checked to ensure they come from a peer who satisfies
+ * the code signing requirement. For a listener connection, requests that do not satisfy the requirement
+ * are dropped. When a reply is expected on the connection and the peer does not satisfy the requirement
+ * XPC_ERROR_PEER_CODE_SIGNING_REQUIREMENT will be delivered instead of the reply.
+ *
+ * This API is not supported on embedded platforms and will return ENOTSUP. 
+ *
+ * @see https://developer.apple.com/library/archive/documentation/Security/Conceptual/CodeSigningGuide/RequirementLang/RequirementLang.html
+ */
+__API_AVAILABLE(macos(12.0))
+XPC_EXPORT XPC_NONNULL_ALL XPC_WARN_RESULT
+int
+xpc_connection_set_peer_code_signing_requirement(xpc_connection_t connection, const char *requirement);
+
+
 __END_DECLS
 XPC_ASSUME_NONNULL_END
 

diff --git a/BaseBin/_shared/xpc/private.h b/BaseBin/_shared/xpc/private.h
@@ -1,8 +1,3 @@
-extern XPC_RETURNS_RETAINED xpc_object_t xpc_pipe_create_from_port(mach_port_t port, uint32_t flags);
-extern XPC_RETURNS_RETAINED xpc_object_t xpc_array_create_empty(void);
-extern XPC_RETURNS_RETAINED xpc_object_t xpc_dictionary_create_empty(void);
-extern int xpc_pipe_simpleroutine(xpc_object_t pipe, xpc_object_t message);
-extern int xpc_pipe_routine_reply(xpc_object_t reply);
 void xpc_dictionary_get_audit_token(xpc_object_t xdict, audit_token_t *token);
 char *xpc_strerror (int);